A source code tester This searches through code (PHP files in this case) and finds possible vulnerable syntax problems

PHP Snippet

&LT;?PHPIF($_GET["search_style"]=="Directory"){?> selected="selected" &LT;?PHP}?>>Directory</OPTION>
<OPTION &LT;?PHPIF($_GET["search_style"]=="File"){?> selected="selected" &LT;?PHP}?>>File</OPTION>
</SELECT>
<INPUT id="user_input" class="user_input" value="" name="source_dir" size="80" onmouseover="javascript:mouseOver_Action('user_input', '#333399');" onmouseout="javascript:mouseOut_Action('user_input', '#333366');">
<INPUT id="analyze" class="button" value="Analyse" type="submit" onmouseover="javascript:mouseOver_Action('analyze', '#333399');" onmouseout="javascript:mouseOut_Action('analyze', '#333366');">
<INPUT id="reset" class="button" type="reset" onmouseover="javascript:mouseOver_Action('reset', '#333399');" onmouseout="javascript:mouseOut_Action('reset', '#333366');"><BR>
<INPUT class="button" type="checkbox" name="RFI"&LT;?PHPIF($_GET["RFI"]=="on"){ECHO"checked";}?>><LABEL class="button">Remote File Inc.</LABEL>
<INPUT class="button" type="checkbox" name="SQL"&LT;?PHPIF($_GET["SQL"]=="on"){ECHO"checked";}?>><LABEL class="button">SQL</LABEL>
<INPUT class="button" type="checkbox" name="RCE"&LT;?PHPIF($_GET["RCE"]=="on"){ECHO"checked";}?>><LABEL class="button">Remote Command Execute</LABEL>
<FIELDSET style='color:#CCCCFF; border-width:1; border-color:#CCCCFF; width:50%;background-color:#333366; margin:0 0 5 0'>
<LEGEND>Custum Search</LEGEND>
<LABEL class="button">Search String: </LABEL><INPUT id="custom_search" class="user_input" value="&LT;?PHPIF(ISSET($_GET['custom_search'])){ECHO$_GET['custom_search'];}?>"name="custom_search" size="80" onmouseover="javascript:mouseOver_Action('custom_search', '#333399');" onmouseout="javascript:mouseOut_Action('custom_search', '#333366');" style='margin:0;'>
</FIELDSET>
</FORM>
&LT;?PHP/*----------------------------------------------------------------------------------------------
DIRECTORY RECURSION FUNCTION
-------------------------------------------------------------------------------------------------*/IF((!ISSET($_GET["source_dir"])) or ($_GET["source_dir"]=="")){?><div class="sql_window">[INFO] Please enter a directory [INFO]</div>&LT;?PHPDIE;}IF(($_GET["search_style"]=="Directory") and (!IS_DIR($_GET["source_dir"]))){?><div class="rfi_window">[Error] &LT;?PHPECHO" ".$_GET["source_dir"]." "?>does not exist or is not a directory [Error]</div>&LT;?PHPDIE;}ELSEIF(($_GET["search_style"]=="File") and (!IS_FILE($_GET["source_dir"]))){?><div class="rfi_window">[Error] &LT;?PHPECHO" ".$_GET["source_dir"]." "?>does not exist or is not a file [Error]</div>&LT;?PHPDIE;}$base_dir=$_GET["source_dir"]."\\";
$dir_listing = array(0 => $base_dir); //Create array for holding dir_listing first entry is user argument
$php_listing = array(); //Create array for holding php files found in search
$x = 0; //set counter
if($_GET["search_style"] == "Directory") {
while($x < count($dir_listing)) { //Loop while the counter is less or equal to array count
$curr_directory = $dir_listing[$x]; //set curr_directory
$dir_handle[$x] = opendir($curr_directory); //set the directory handle for opening the dir. according to the counter
while(false !== ($file = readdir($dir_handle[$x]))) { //read directory listing and loop till the end
$curr_file = $curr_directory . $file;
if(is_dir($curr_file)) { //check if its a directory
if(($file != ".") && ($file != "..")) { //check if its a hidden dire.
$dir_listing[count($dir_listing)] = $curr_file . "\\"; //add to array . using count adds appends it count is not based on 0 start
}
}
if(is_file($curr_file)) { //Check if its a file
if(substr_count($file, ".php")) { //Check if its a php file
$php_listing[count($php_listing)] = $curr_file; //add to files found array php_listing
}
}
}
closedir($dir_handle[$x]); //close handle
$x++; //itterate count
}
} else {
$php_listing[count($php_listing)] = $base_dir;
}
/*-------------------------------------------------------------------------------------------
SOURCE SYNTAX SEARCH FUNCTION
--------------------------------------------------------------------------------------------*/
//Array holding all the strings to search for
if($_GET['custom_search'] <> NULL) { //Check to see if custome search is set to something other than nothing
$custom_search = "on"; //Set custom search on
$vuln_custom_syntax = $_GET['custom_search']; //Get was custom search string contains
$vuln_custom_syntax = explode(',', $vuln_custom_syntax); //seperate everything in custom search into an array
}
//Arrays Containing the most common strings to search for
$vuln_rfi_syntax = array("REQUIRE", "INCLUDE", "EMPTY", "READFILE", "FREAD", "FWRITE", "writefile", "FOPEN","_GET", "_POST", "_SESSION", "_REQUEST", "_USER", "EVAL");
$vuln_sql_syntax = array("sql", "dbquery", "query", "WHERE", "SELECT", "DELETE", "INSERT");
$vuln_rce_syntax = array("POPEN", "SYSTEM", "EVAL", "PASSTHRU");
$vuln_count = 1; //keeps track of the vulnerablities for the xhtml variables to pass to javascript
for($z=0; $z < count($php_listing); $z++) {
$vuln_found = array();
$filename = $php_listing[$z]; //holds the file to search
$handle = fopen($filename, "r"); //opens file for reading only
$contents = fread($handle, filesize($filename)); //reads all content to $contents
?>
<!--New File Started-->
<div class='file_window'>Filename:&LT;?PHPECHO" ".$filename?></div>
&LT;?PHPFCLOSE($handle);//closes file$exp_content=EXPLODE("\n",$contents);//seperate each line of the file into diff. array keysFOR($i=0;$i<=COUNT($exp_content);$i++){//loop until the end of the arrayIF(($exp_content[$i]<>"")//check to see if the line is empty, and for unwanted lines comments and such
and (!STRSTR($exp_content[$i],"//"))//check to see if the line is a comment
and (!STRSTR($exp_content[$i],"/*"))
and (!STRSTR($exp_content[$i],"* "))){$exp_content[$i]=STRIP_TAGS($exp_content[$i]);//strip all html tags before printing out//#########################################################################################// THIS FOLLOWING FOR LOOP CHECKS FOR CUSTOM SEARCH STRINGS PROVIDED BY THE USER// It loops through each vulnerability for the current line of code from exp_content// same loop as above with a different array. This seperates//#########################################################################################IF($custom_search=="on"){FOR($x=0;$x<COUNT($vuln_custom_syntax);$x++){//loop through the vuln. arrayIF(SUBSTR_COUNT($exp_content[$i],$vuln_custom_syntax[$x])){//check and see if the vulnerable string is found$vuln_line="line# ".$i.": ".$exp_content[$i]."\n\r\n\r";//hold vulnerable line found in syntax: Line$ codeIF(!ARRAY_SEARCH($vuln_line,$vuln_found)){//check to see if it exists already or was already found$vuln_found[COUNT($vuln_found)]=$vuln_line;//if not then add to vuln_found array for future checks?>
<a border="0" onmouseover="javascript:mouseOver_Action('v&LT;?PHPECHO$vuln_count?>', '#CC6600');" onmouseout="javascript:mouseOut_Action('v&LT;?PHPECHO$vuln_count?>', '#000');" onmousedown="javascript:mouseDown_Action('c&LT;?PHPECHO$vuln_count?>');"><div id="v&LT;?PHPECHO$vuln_count?>" class="rce_window">&LT;?PHPECHO$vuln_line?>
<div id="c&LT;?PHPECHO$vuln_count?>" class="code_window" style="visibility:hidden">
&LT;?PHPFOR($y=0;$y<=20;$y++){//print the previous/ next 5 lines of codeECHOSTRIP_TAGS($exp_content[($i-11)+$y])."<br>";}?>
</div></div></a>
&LT;?PHP}$vuln_count++;}}}//#########################################################################################// THIS FOLLOWING FOR LOOP CHECKS FOR REMOTE FILE INCLUSION VULNERABILITES// It loops through each vulnerability for the current line of code from exp_content// it also adds it to vuln_found array to double check and see if its a duplicate line. sometimes more than one word is found in a line// after it finds a line it prints it out. or at least allows the html to do its thing with the xhtml in it.// At the end it prints out the next 20 and it increments the exp_content for not searching (since we already can see it)// Then it increments the vuln_count counter which designates the counts on the xhtml//#########################################################################################IF($_GET["RFI"]=="on"){FOR($x=0;$x<COUNT($vuln_rfi_syntax);$x++){//loop through the vuln. arrayIF(SUBSTR_COUNT($exp_content[$i],$vuln_rfi_syntax[$x])){//check and see if the vulnerable string is found$vuln_line="line# ".$i.": ".$exp_content[$i]."\n\r\n\r";//hold vulnerable line found in syntax: Line$ codeIF(!ARRAY_SEARCH($vuln_line,$vuln_found)){//check to see if it exists already or was already found$vuln_found[COUNT($vuln_found)]=$vuln_line;//if not then add to vuln_found array for future checks?>
<a border="0" onmouseover="javascript:mouseOver_Action('v&LT;?PHPECHO$vuln_count?>', '#CC0000');" onmouseout="javascript:mouseOut_Action('v&LT;?PHPECHO$vuln_count?>', '#000');" onmousedown="javascript:mouseDown_Action('c&LT;?PHPECHO$vuln_count?>');"><div id="v&LT;?PHPECHO$vuln_count?>" class="rfi_window">&LT;?PHPECHO$vuln_line?>
<div id="c&LT;?PHPECHO$vuln_count?>" class="code_window" style="visibility:hidden">
&LT;?PHPFOR($y=0;$y<=20;$y++){//print the previous/ next 5 lines of codeECHOSTRIP_TAGS($exp_content[$i+$y])."<br>";}?>
</div></div></a>
&LT;?PHP}$vuln_count++;}}}//#########################################################################################// THIS FOLLOWING FOR LOOP CHECKS FOR SQL VULNERABILITES// It loops through each vulnerability for the current line of code from exp_content// same loop as above with a different array. This seperates//#########################################################################################IF($_GET["SQL"]=="on"){FOR($x=0;$x<COUNT($vuln_sql_syntax);$x++){//loop through the vuln. arrayIF(SUBSTR_COUNT($exp_content[$i],$vuln_sql_syntax[$x])){//check and see if the vulnerable string is found$vuln_line="line# ".$i.": ".$exp_content[$i]."\n\r\n\r";//hold vulnerable line found in syntax: Line$ codeIF(!ARRAY_SEARCH($vuln_line,$vuln_found)){//check to see if it exists already or was already found$vuln_found[COUNT($vuln_found)]=$vuln_line;//if not then add to vuln_found array for future checks?>
<a border="0" onmouseover="javascript:mouseOver_Action('v&LT;?PHPECHO$vuln_count?>', '#666699');" onmouseout="javascript:mouseOut_Action('v&LT;?PHPECHO$vuln_count?>', '#000');" onmousedown="javascript:mouseDown_Action('c&LT;?PHPECHO$vuln_count?>');"><div id="v&LT;?PHPECHO$vuln_count?>" class="sql_window">&LT;?PHPECHO$vuln_line?>
<div id="c&LT;?PHPECHO$vuln_count?>" class="code_window" style="visibility:hidden">
&LT;?PHPFOR($y=0;$y<=20;$y++){//print the previous/ next 5 lines of codeECHOSTRIP_TAGS($exp_content[$i+$y])."<br>";}?>
</div></div></a>
&LT;?PHP}$vuln_count++;}}}//#########################################################################################// THIS FOLLOWING FOR LOOP CHECKS FOR REMOTE COMMAND EXECUTION VULNERABILITES// It loops through each vulnerability for the current line of code from exp_content// same loop as above with a different array. This seperates//#########################################################################################IF($_GET["RCE"]=="on"){FOR($x=0;$x<COUNT($vuln_rce_syntax);$x++){//loop through the vuln. arrayIF(SUBSTR_COUNT($exp_content[$i],$vuln_rce_syntax[$x])){//check and see if the vulnerable string is found$vuln_line="line# ".$i.": ".$exp_content[$i]."\n\r\n\r";//hold vulnerable line found in syntax: Line$ codeIF(!ARRAY_SEARCH($vuln_line,$vuln_found)){//check to see if it exists already or was already found$vuln_found[COUNT($vuln_found)]=$vuln_line;//if not then add to vuln_found array for future checks?>
<a border="0" onmouseover="javascript:mouseOver_Action('v&LT;?PHPECHO$vuln_count?>', '#CC6600');" onmouseout="javascript:mouseOut_Action('v&LT;?PHPECHO$vuln_count?>', '#000');" onmousedown="javascript:mouseDown_Action('c&LT;?PHPECHO$vuln_count?>');"><div id="v&LT;?PHPECHO$vuln_count?>" class="rce_window">&LT;?PHPECHO$vuln_line?>
<div id="c&LT;?PHPECHO$vuln_count?>" class="code_window" style="visibility:hidden">
&LT;?PHPFOR($y=0;$y<=20;$y++){//print the previous/ next 5 lines of codeECHOSTRIP_TAGS($exp_content[($i-11)+$y])."<br>";}?>
</div></div></a>
&LT;?PHP}$vuln_count++;}}}}}}?>

Processing time -- 0.0132 seconds.All photograph,logos, articles, comments and trademarks etc, in this site are property of their respective owners.All the rest (c) 2006 by PhpMyanmar.com.